From: Stephan Mueller <smueller@chronox.de>
To: "Austin S. Hemmelgarn" <ahferroin7@gmail.com>
Cc: "Theodore Ts'o" <tytso@mit.edu>, "David Jaša" <djasa@redhat.com>,
"Andi Kleen" <andi@firstfloor.org>,
sandyinchina@gmail.com,
"Jason Cooper" <cryptography@lakedaemon.net>,
"John Denker" <jsd@av8n.com>,
"H. Peter Anvin" <hpa@linux.intel.com>,
"Joe Perches" <joe@perches.com>, "Pavel Machek" <pavel@ucw.cz>,
"George Spelvin" <linux@horizon.com>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 0/5] /dev/random - a new approach
Date: Wed, 22 Jun 2016 15:25:06 +0200 [thread overview]
Message-ID: <10276045.g3Gar43YLo@tauon.atsec.com> (raw)
In-Reply-To: <5df01797-ccf2-f7fb-5d39-15602a4a306a@gmail.com>
Am Mittwoch, 22. Juni 2016, 08:54:16 schrieb Austin S. Hemmelgarn:
Hi Austin,
> You're not demonstrating it's inherently present in the architecture,
I am not demonstrating it, interesting statement. I take different arches from
different vendors which were developed independently from each other and I see
the phenomenon to an equal degree in all of them.
So, this is no demonstration in your eyes? Interesting conclusion.
Yes, I do not have the statement that gate X or function Y in a CPU is the
trigger point. Thus the absolute root cause to the unpredictable phenomenon is
yet unknown to me. I am hunting that -- I spoke with hardware folks from 3
different major chip vendors yet and they all have difficulties in explaining
it. One vendor is currently helping me dissecting the issue.
>
> > I do not care about the form factor of the test system server, desktop or
> > embedded systems nor do I care about the number of attached devices -- the
> > form factor and number of attached devices is the differentiator of what
> > you call embedded vs server vs desktop.
>
> I don't care about form factor, I care about the CPU, and embedded
> systems almost always have simpler CPU designs (not including all the
> peripherals they love to add in on-die). Your own analysis indicates
> that your getting entropy from the complex interaction of the different
> parts of the CPU. Such complexities are less present in simpler CPU
> designs.
My RNG has two safety measures to detect noise source failures (again, they
are documented): during startup and at runtime. In both cases, no data will be
produced. But for chips where the self tests pass, we can surely harvest that
unpredictable phenomenon.
And funnily: these health tests would scream loudly in dmesg if the noise
source would not work. Note, in more recent kernels, the RNG is used in a lot
of configurations and I have only received one complaint that the health test
indicated a bad noise source. That was a very special system where a
separation kernel did funky things.
So, as of now, it rather makes sense that you refer me to some embedded
devices that you think will be a challenge. I do not like to theorize.
For me, embedded devices are something like a Rasperry PI or the MIPS system
which are tested.
> >> Android barely counts as an embedded system anymore, as many Android
> >
> > Then read F.28ff -- these are truly embedded systems (i.e. the routers
> > that I have on my desk)
>
> 1. I'm actually rather curious what router you managed to get Android
> running on.
> 2. This is still an insanely small sample size compared to the rest of
> your results.
I think this will be the last answer for now from my side: I ask you to read
my document as I really do not want to restate 150+ pages here!
This machine is no Android system but an AVM FritzBox router system that is
very popular in Germany, as referenced in the document. It runs with highly
modified Linux system -- as documented.
And instead of complaining about the test sample, you should help us by doing
more testing, if you feel that the health tests in the RNG are insufficient.
Besides, if you really worried about the lower bound I mentioned in the
appendix F, use the oversampling rate turning knob
jent_entropy_collector_alloc as documented. Finally, if that is not of your
liking, generate a bit more data with the Jitter RNG than you think you need
entropy wise.
Ciao
Stephan
next prev parent reply other threads:[~2016-06-22 13:25 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-31 18:37 [PATCH v4 0/5] /dev/random - a new approach Stephan Mueller
2016-05-31 18:37 ` [PATCH v4 1/5] crypto: DRBG - externalize DRBG functions for LRNG Stephan Mueller
2016-05-31 18:38 ` [PATCH v4 2/5] random: conditionally compile code depending on LRNG Stephan Mueller
2016-05-31 18:39 ` [PATCH v4 3/5] crypto: Linux Random Number Generator Stephan Mueller
2016-05-31 18:39 ` [PATCH v4 4/5] crypto: LRNG - enable compile Stephan Mueller
2016-05-31 18:39 ` [PATCH v4 5/5] random: add interrupt callback to VMBus IRQ handler Stephan Mueller
2016-05-31 22:34 ` [PATCH v4 0/5] /dev/random - a new approach George Spelvin
2016-06-15 16:17 ` David Jaša
2016-06-15 16:58 ` Stephan Mueller
2016-06-17 13:56 ` David Jaša
2016-06-17 15:26 ` Sandy Harris
2016-06-18 8:22 ` Stephan Mueller
2016-06-18 8:21 ` Stephan Mueller
2016-06-18 14:44 ` Theodore Ts'o
2016-06-18 16:31 ` Stephan Mueller
2016-06-20 17:07 ` Austin S. Hemmelgarn
2016-06-20 18:32 ` Stephan Mueller
2016-06-21 13:05 ` Austin S. Hemmelgarn
2016-06-21 13:19 ` Tomas Mraz
2016-06-21 17:18 ` Austin S. Hemmelgarn
2016-06-21 17:23 ` Stephan Mueller
2016-06-21 17:54 ` Austin S. Hemmelgarn
2016-06-21 18:05 ` Stephan Mueller
2016-06-21 13:20 ` Stephan Mueller
2016-06-21 17:51 ` Austin S. Hemmelgarn
2016-06-21 18:04 ` Stephan Mueller
2016-06-21 19:31 ` Austin S. Hemmelgarn
2016-06-22 5:16 ` Stephan Mueller
2016-06-22 12:54 ` Austin S. Hemmelgarn
2016-06-22 13:25 ` Stephan Mueller [this message]
2016-06-21 13:42 ` Pavel Machek
2016-06-21 17:17 ` Austin S. Hemmelgarn
2016-06-21 12:25 ` David Jaša
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=10276045.g3Gar43YLo@tauon.atsec.com \
--to=smueller@chronox.de \
--cc=ahferroin7@gmail.com \
--cc=andi@firstfloor.org \
--cc=cryptography@lakedaemon.net \
--cc=djasa@redhat.com \
--cc=hpa@linux.intel.com \
--cc=joe@perches.com \
--cc=jsd@av8n.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@horizon.com \
--cc=pavel@ucw.cz \
--cc=sandyinchina@gmail.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).